npmpackage.info

Gathering detailed insights and metrics for swagger-ui-dist

Gathering detailed insights and metrics for swagger-ui-dist

swagger-ui-dist

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

5.18.2

26,802

Apache-2.0

JavaScript

426.08 kB

465,782,164 6.4

Installations

npm install swagger-ui-dist

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

18.17.1

NPM Version

9.6.7

Score

99.8

Supply Chain

82.5

Quality

89.5

Maintenance

100

Vulnerability

87.6

License

Pull Requests

Open

83

Total

4,316

Closed

1,059

Merged

3,174

Issues

Open

1,157

Total

5,543

Closed

4,386

Releases

349

Swagger UI v5.18.2 Released!

Published on 07 Nov 2024

Swagger UI v5.18.1 Released!

Published on 05 Nov 2024

Swagger UI v5.18.0 Released!

Published on 05 Nov 2024

Swagger UI v5.17.14 Released!

Published on 28 May 2024

Swagger UI v5.17.13 Released!

Published on 27 May 2024

Swagger UI v5.17.12 Released!

Published on 21 May 2024

View all 349 releases

Contributors

535

View all 535 contributors

Languages

6

JavaScript

SCSS

HTML

Shell

Dockerfile

CSS

JavaScript (94.91%)

SCSS (3.75%)

HTML (0.96%)

Shell (0.28%)

Dockerfile (0.07%)

CSS (0.02%)

Developer

Download Statistics

Total Downloads

465,782,164

Last Day

724,026

Last Week

3,699,364

Last Month

12,542,735

Last Year

168,358,431

GitHub Statistics

26,802 Stars

6,579 Commits

8,992 Forks

645 Watching

51 Branches

535 Contributors

Bundle Size

1.44 MB

Minified

426.08 kB

Minified + Gzipped

Bundlephobia

Maintainers

4

Package Meta Information

Latest Version

5.18.2

Package Id

swagger-ui-dist@5.18.2

Unpacked Size

10.69 MB

Size

2.94 MB

File Count

24

NPM Version

9.6.7

Node Version

18.17.1

Publised On

07 Nov 2024

Total Downloads

Cumulative downloads

Total Downloads

465,782,164

Last day

5.9%

724,026

Compared to previous day

Last week

19.1%

3,699,364

Compared to previous week

Last month

-24.5%

12,542,735

Compared to previous month

Last year

32%

168,358,431

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

1

Versions

Swagger UI Dist

Anonymized analytics

SwaggerUI Dist uses Scarf to collect anonymized installation analytics. These analytics help support the maintainers of this library and ONLY run during installation. To opt out, you can set the scarfSettings.enabled field to false in your project's package.json:

// package.json
{
  // ...
  "scarfSettings": {
    "enabled": false
  }
  // ...
}

Alternatively, you can set the environment variable SCARF_ANALYTICS to false as part of the environment that installs your npm packages, e.g., SCARF_ANALYTICS=false npm install.

API

This module, swagger-ui-dist, exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you.

SwaggerUIBundle and SwaggerUIStandalonePreset can be imported:

1  import { SwaggerUIBundle, SwaggerUIStandalonePreset } from "swagger-ui-dist"

To get an absolute path to this directory for static file serving, use the exported getAbsoluteFSPath method:

1const swaggerUiAssetPath = require("swagger-ui-dist").getAbsoluteFSPath()
2
3// then instantiate server that serves files from the swaggerUiAssetPath

For anything else, check the Swagger-UI repository.

Stable Version

Stable Version

5.18.2

MODERATE

2

MODERATE

6.1/10

Summary

Spoofing attack in swagger-ui-dist

Affected Versions

< 4.1.3

Patched Versions

4.1.3

MODERATE

0/10

Summary

Server side request forgery in SwaggerUI

Affected Versions

< 4.1.3

Patched Versions

4.1.3

10

Security-Policy

Determines if the project has published a security policy.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

SAST

Determines if the project uses static code analysis.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

6

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-image-check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:5: pin your Docker image by updating nginx:1.27.3-alpine to nginx:1.27.3-alpine@sha256:814a8e88df978ade80e584cc5b333144b9372a8e3c98872d07137dbf3b44d0e4
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 11 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.4

/10

Last Scanned on 2025-01-06

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.